Was having dinner yesterday with my friends and the topic of password security came up. I mentioned I started using Passkeys whenever they are available and they don’t understand how it works. Worth noting they are technical people.
I love passkeys but their road to adoption looks grim.
@jsq it’s essentially Public Key Cryptography yeah. You don’t have to use your Apple ID. If your password manager supports them, you can store your passkeys there and be able to sync them or back them up.
@andy I’ve had this mental block against passkeys because it’s always shown as “use Face/Touch ID instead of a password” — which feels fragile/risky, like dependent on a specific device.
But, if it’s just GPG in your password manager, then I suppose it’s not much different from having a bunch of random 50-char passwords that I don’t know.
@jsq it’s unfortunate marketing, but in the case of iOS they are stored in the device keychain by default, so in reality you just need your device passcode to unlock them. They sync normally like anything else with iCloud so if your face were to be blown off (you’d have other things to worry about, but…), you could still access them on any of your devices.
@jsq @andy Yeah this helped me make the switch too. I didn’t want it to be locked onto my iPhone. And if I needed to use the iCloud Keychain, that’d be unfortunate because everything I have is in 1Password. Then 1Password got support and I was onboard.
I agree that the public perception of them tends to feel too “magical” when it’s really not.
@cjwirth @andy yeah, the other unfortunate thing is that with iCloud your passkeys can be “unlocked” or whatever with your phone passcode, which seems very bad to me